More nimiq related domains with example

[niwot]

Website with example

This issue is related to this one: https://github.com/hoshsadiq/adblock-nocoin-list/issues/442

This is the website I found the other day:

https://www.aulafacil.com/cursos/electronica/instalaciones-electricas-intradomiciliarias/tabla-de-conductores-a-utilizar-l42337

Domain causing the CPU spike

Sorry, I don't know if it is possible to reopen a closed ticket.

The domains that overload the processor seem to be those of nimiq, although it is worth analyzing the page just in case. It seems that external code from https://unpkg.com/@nimiq/ and https://app.analyzz.com is used to load the malicious code from nimiq domains.

Some of the domains I have seen in addition to those already known, and which appear to be related, are: nim.sh nmq.zxnexus.com seed.nimiq.by nimwss.lolopool.com

In relation to the latter lolopool, I have seen these two more related ones searching on the internet: nim.lolopool.com nimwss-us.lolopool.com

Regarding the domain nimiq.community, it seems that the relation with the malicious domains comes because from there the following file is called: https://nimiq.community/seeds.txt

This file seems to be also on github: https://github.com/nimiq/community/blob/master/seeds.txt

In those txts, I understand there are links to cryptojacking scripts or similar, and the domains are (I think all already known): seed.nimiqpool.com nimiq.icemining.ca node.nimiq.watch seed.nimiqchina.com seed.nimiq.jp nimiq.surf

[hoshsadiq]

Added a bunch of domains that seems mine. Raise another issue if I've missed any!